BlueImpact

Since 2008, BlueImpact has been a leading consulting company in the field of privacy and security design, development, and implementation for electronic Health Information Exchange (HIE) Solutions. BlueImpact has developed an EHR Privacy and Security Reference Architecture and HSP Privacy Management Reference Framework with implementation toolkits. BlueImpact has also developed a Privacy Impact Assessment Methodology and Threat and Risk Assessment Methodology that have been applied successfully in multiple projects for healthcare organizations.

Over the past four years, BlueImpact has assisted various healthcare organizations in developing and delivering secure services and solutions to their clients in accordance with applicable laws and regulations. BlueImpact’s healthcare clients include the Ministry of Health and Long-Term Care (MOHLTC), eHealth Ontario, Community Care Information Management (CCIM), the Ontario Telemedicine Network (OTN), and numerous Local Health Information Networks (LHINs).

BlueImpact has helped Smart Systems for Health Agency (now known as eHealth Ontario), OTN, Consolidated Health Information Services (CHIS), and William Osler Health Centre develop customized systematic approaches to meeting their legal obligations under the Personal Health Information Protection Act, 2004 (PHIPA) as Health Information Network Providers (HINPs).

BlueImpact specializes in the following areas of information security and privacy consulting:

• Privacy design, development, and testing for Electronic Health Records (EHRs)
• Privacy implementation and adoption for EHRs
• Privacy program development and implementation
• Privacy Impact Assessment (PIA)
• Threat and Risk Assessment (TRA)
• Information security governance
• Information security management systems in accordance with ISO 27001
• Information security framework development/implementation
• Security assessment, penetration testing, and code review (infrastructure and application)
• Compliance frameworks for meeting legal requirements and standards (PHIPA, FIPPA, PIPEDA, SOX, Bill 198, PCI DSS, and ISO 27001)